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DETAILED ACTION 

Claims 1,4-7, 10-13,16-17, 19-24, 27-28, 30-31 are pending in this application. 
Claims 1,11, 23-24, 28 are the independent claims. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 102 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

Claims 1, 4-7, 10-13, 16-17, 19-24, 27-28, 30-31, 36-41 are rejected under 
35 U.S.C. 103(a) as being unpatentable over Traversat et al. (2002/0147810) in 
view of Elliott et al. (US 20020064149). 
As per claim 1 , Traversat et al. teach 

a method of providing from a centralized location access control to a resource for 
one or more users - paragraphs 21 (discovery in a peer-to-peer environment 
may be based on centralized discovery with a centralized index), 71 , 73-74 
(implementing a centralized, client-server model based on the core components), 
and 77. 
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receiving at the centralized location an authorization request from a first entity to 
issue authorization data for the one or more users based on roles associated 
with the users as part of an organization model - pars. 162, 368, 420, and 440. 

authorization data is required by a second entity for allowing the first entity to 
access a resource controlled by the second entity - pars. 78 (facilities provided 
as services in the service layer may include. ..authentication. ..peer group 
membership), 102 (each peer group may have different policies to authorize a 
peer to become a rendezvous peer), 328, 439. 

responsive to the received authorization request, issuing the authorization data 
from the centralized location to the first entity - pars. 73-74, 439-440. 

wherein the first entity provides the issued authorization data to the second 
entity, said authorization data including an expression identifying the resource by 
a resource name and by at least one property associated with the resource to 
conditionally define access to the resource - pars. 72, 159, 331 , 422-426. 

said authorization data further including validation information: receiving at the 
centralized location a validation request from the second entity to validate the 
issued authorization data that was provided to the second entity by the first 
entity... validating the issued authorization data based on the validation 
information included therein included therein - pars. 73-74,162, 422-423, 439, 
455. However, Traversat seems not explicitly disclose sending from the 
centralized location a response to the second entity indicating ...Elliott discloses 
a centralized message database offerings for MCl's business customers - 
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paragraphs 1289, 1567, 1578; responses from the ISP to external requests - 
pars. 944, 1 296, 1 389, 1 579-1 581 . Thus, it would have been obvious to one of 
ordinary skill in the art at the time of the invention to combine Traversat's 
teaching with Elliott's teaching in order to allow a centralized location to response 
to requests from other attached locations in order to manage and serve users. 

As per claim 4, Traversat et al. teach 

wherein receiving the request and issuing the authorization data occur over a 
secure sockets layer - pars. 418-419, 437. 

As per claim 5, Traversat et al. teach 

wherein receiving the request and issuing the authorization data occur over a 
network such as the Internet - pars. 77-78. 

As per claim 6, Traversat et al. teach 

creating the expression identifying the resource in authorization data in response 
to the received authorization request - pars. 30, 325, 364. 



As per claim 7, Traversat et al. teach 
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encrypting the created expression - pars. 78, 94, 139. 
As per claims 1 1 and 23, Traversat et al. teach 

a method for validating at the centralized location authorization data to provide 
access to a resource for one or more users - paragraphs 21 (discovery in a 
peer-to-peer environment may be based on centralized discovery with a 
centralized index), 71 , 73-74 (implementing a centralized, client-server model 
based on the core components), and 77. 

receiving at the centralized location an authorization request from a client to 
issue authorization data for the one or more users based on roles associated 
with the users - pars. 73-74, 162, 368, and 440. 

wherein said authorization data is required by an affiliate server for allowing the 
client to access a resource controlled by said affiliate/second/member/partner 
server - pars. 78 (facilities provided as services in the service layer may 
include. ..authentication. ..peer group membership), 102 (each peer group may 
have different policies to authorize a peer to become a rendezvous peer), 328, 
439. 

responsive to the received authorization request, generating at the centralized 
location an authorization token - pars. 74, 139, 439. 
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having a header field (pars. 132, 144, 355), a source field, and a claim field, said 
header field representing validation information, said source field representing 
the identity of the user (pars. 242-246), said claim field specifying the resource 
conditionally, said claim field including an expression identifying the resource by 
a resource name (pars. 1 1 3, 1 1 7, 1 59, 1 72 )and by at least one property 
associated with the resource to conditionally define access to the resource - 
pars. 72, 107, 139, 162. 

sending the authorization token from the centralized location to the client, 
wherein the client provides the authorization token to the affiliate server - pars. 
74, 139,439. 

receiving at the centralized location over a secure sockets layer a validation 
request from the affiliate server to validate the authorization token, said receiving 
the validation request comprises receiving a data packet according to the SOAP, 
and further comprising extracting the authorization token from the received data 
packet - pars. 72, 355, 419-425. 

retrieving validation information from the header of the received authorization 
data; evaluating the retrieved validation information to determine a validation 
status of the received authorization token - pars. 162, 206, 439-440. 

sending a response to the affiliate server indicating a determined validation 
status responsive to said evaluating the retrieved validation information - pars. 
325, 352, 355. However, Traversat seems not explicitly disclose sending from 
the centralized location a response to the second entity indicating ...Elliott 
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discloses a centralized message database offerings for MCl's business 
customers - paragraphs 1289, 1567, 1578; responses from the ISP to external 
requests - pars. 944, 1296, 1389, 1579-1581. Thus, it would have been obvious 
to one of ordinary skill in the art at the time of the invention to combine 
Traversat's teaching with Elliott's teaching in order to allow a centralized location 
to response to requests from other attached locations in order to manage and 
serve users. 

As per claim 12, Traversat et al. teach 

evaluating the expression to identify the resource - par. 72. 

As per claim 13, Traversat et al. teach 

extracting a target scope from the received authorization data, said extracted 
target scope identifying the resource - pars. 71 , 110-112. 

As per claim 16, Traversat et al. teach 

wherein receiving the validation request including the authorization token occurs 
over a network such as the Internet - pars. 77-78. 
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decrypting the received authorization data token - pars. 139, 441 . 
As per claim 19, Traversat et al. teach 

retrieving a signature from the header of the received authorization data - pars. 
94, 139, 143. 

As per claim 20, Traversat et al. teach 

determining that the retrieved signature is invalid, and wherein sending the 
response comprises sending a response indicating the invalidity of the received 
authorization data token - pars. 139, 426, claim 12. 

As per claim 21 , Traversat et al. teach 

wherein retrieving the validation information comprises retrieving an expiration 
date from the header of the received authorization token - pars. 451-453. 

and wherein evaluating the retrieved validation information comprises comparing 
the retrieved expiration date to a current time stamp to determine if the received 
authorization token has expired - pars. 439-440. 
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As per claim 22, Traversat et al. teach 

wherein the received authorization token has been determined to be expired, and 
further comprising sending a response indicating the invalidity of the received 
authorization token - pars. 152, 451, 453. 

As per claim 24, Traversat et al. teach 

receive an authorization request from a first entity to issue authorization data for 
the one or more users from the centralized location based on roles associated 
with the users - pars. 21. 73-74, 162, 368, and 440. 

wherein said authorization data is required by a second entity for allowing the 
client to access a resource controlled by said second entity - pars. 72-74, 78. 

an authorization component adapted to issue at the centralized location the 
requested authorization data for the users based on the roles associated with the 
users - pars. 73-74, 162, 368, and 440. 

an expression identifying a resource by a resource name and by a property 
associated with the resource and said authorization data including the validation 
information - pars. 72, 159, 331, 422-426. 

receive a validation request from the second entity, said validation request 
including the authorization data - pars. 162, 175, 439. 
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a parser component adapted to retrieve validation information from the received 
authorization data - pars. 30, 121, 219. 

a validation component adapted to evaluate the retrieved validation information - 
pars. 162, 439. 

wherein the interface component is further adapted to send a response indicating 
the validation status of the received authorization data responsive to said 
evaluating the retrieved validation information - pars. 81, 101, 323-325. 
However, Traversat seems not explicitly disclose sending from the centralized 
location a response to the second entity indicating ...Elliott discloses a 
centralized message database offerings for MCl's business customers - 
paragraphs 1289, 1567, 1578; responses from the ISP to external requests - 
pars. 944, 1 296, 1 389, 1 579-1 581 . Thus, it would have been obvious to one of 
ordinary skill in the art at the time of the invention to combine Traversat's 
teaching with Elliott's teaching in order to allow a centralized location to response 
to requests from other attached locations in order to manage and serve users. 

As per claim 27, Traversat et al. teach 

a scope component to evaluate the expression to identify the resource - par. 72. 



As per claim 28, Traversat et al. teach 
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a memory area accessible from the centralized location for storing authorization 
data for use in providing a first entity access to a resource that is controlled by a 
second entity - pars. 72-74, 77-78, 139. 

said authorization data including an expression identifying the resource by a 
resource name and by at least one property associated with the resource - pars. 
72, 159, 331,422-426. 

...issuing from the centralized location responsive to a request from the first 
entity, the authorization data for a user based on a role associated with the user 
and for validating, in response to a request from the second entity, the 
authorization data to provide access to the resource - pars. 73-74, 162, 175, 
439. 

As per claim 30, Traversat et al. teach 

evaluating the expression to identify the resource - par. 72. 

As per claim 31 , Traversat et al. teach 

wherein the authorization data comprises a token - pars. 139, 439. 



As per claim 36, Traversat et al. teach 
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wherein the first entity is an application program - pars. 124, 362, 458. 
As per claim 37, Traversat et al. teach 

wherein the first entity is a computing device - pars. 88-89, 97, 328. 



As per claim 38, Traversat et al. teach 

generating a signature based on the expression identifying the resource, and 
wherein the validation information includes said generated signature - pars. 94, 
139, 451-453. 

As per claim 39, Traversat et al. teach 

wherein the validation information includes an expiration date - pars. 451-453. 
As per claim 40, Traversat et al. teach 

a site identifier identifying the first entity - pars. 72, 88-89, 97, 328. 



As per claim 41 , Traversat et al. teach 
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retrieving the validation information from the received authorization data - pars. 
72, 101, 121,422-423, 441. 

evaluating the retrieved validation information - pars. 162, 439. 

sending a response to the second entity indicating the validation status of the 
received 

authorization data responsive to said evaluating the retrieved validation 
information - pars. 325, 352, 355. 

Response to Arguments 

Applicant's arguments filed 4/2/09 have been fully considered but they are 
not persuasive. Regarding the Applicant's argument on the newly added 
limitations "at the centralized location", "sending from a centralized location...", 
Examiner provided a new ground of rejection, please see the above. However, 
Traversat does disclose in paragraphs 21 (discovery in a peer-to-peer 
environment may be based on centralized discovery with a centralized index), 
73-74 (implementing a centralized, client-server model based on the core 
components). 

Conclusion 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to LINH BLACK whose telephone number is 
571-272-4106. The examiner can normally be reached on Mon.-Thurs.. 
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If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, James Trujillo can be reached on 571-272-3677. The fax 
phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). If you would like assistance from a USPTO Customer Service 
Representative or access to the automated information system, call 800-786- 
9199 (IN USA OR CANADA) or 571-272-1000. 

LINH BLACK 
Examiner 

/HUNG Q. PHAIW Art Unit 21 59 

Primary Examiner, Art Unit 2159 
June 8, 2009 



